Search within Legislation

An Act to make provision for securing computer material against unauthorised access or modification, to require or authorise the taking of measures to ensure cybersecurity, and for matters related thereto.

[Act 3 of 2013 wef 13/03/2013]

[30th August 1993]

PART I

PRELIMINARY

Short title

1. This Act may be cited as the Computer Misuse and Cybersecurity Act.

[Act 3 of 2013 wef 13/03/2013]

Interpretation

2.—(1) In this Act, unless the context otherwise requires —

“computer” means an electronic, magnetic, optical, electrochemical, or other data processing device, or a group of such interconnected or related devices, performing logical, arithmetic, or storage functions, and includes any data storage facility or communications facility directly related to or operating in conjunction with such device or group of such interconnected or related devices, but does not include —

(a)

an automated typewriter or typesetter;

(b)

a portable hand-held calculator;

(c)

a similar device which is non-programmable or which does not contain any data storage facility; or

(d)

such other device as the Minister may, by notification in the Gazette, prescribe;

“computer output” or “output” means a statement or representation (whether in written, printed, pictorial, graphical or other form) purporting to be a statement or representation of fact —

(a)

produced by a computer; or

(b)

accurately translated from a statement or representation so produced;

“computer service” includes computer time, data processing and the storage or retrieval of data;

“damage” means, except for the purposes of section 13, any impairment to a computer or the integrity or availability of data, a program or system, or information, that —

(a)

causes loss aggregating at least $10,000 in value, or such other amount as the Minister may, by notification in the Gazette, prescribe except that any loss incurred or accrued more than one year after the date of the offence in question shall not be taken into account;

(b)

modifies or impairs, or potentially modifies or impairs, the medical examination, diagnosis, treatment or care of one or more persons;

(c)

causes or threatens physical injury or death to any person; or

(d)

threatens public health or public safety;

“data” means representations of information or of concepts that are being prepared or have been prepared in a form suitable for use in a computer;

“electro-magnetic, acoustic, mechanical or other device” means any device, apparatus or program that is used or is capable of being used to intercept any function of a computer;

[Act 22 of 2017 wef 01/06/2017]

“function” includes logic, control, arithmetic, deletion, storage and retrieval and communication or telecommunication to, from or within a computer;

“intercept”, in relation to a function of a computer, includes listening to or recording a function of a computer, or acquiring the substance, meaning or purport thereof;

“program or computer program” means data representing instructions or statements that, when executed in a computer, causes the computer to perform a function.

[21/98]

(2) For the purposes of this Act, a person secures access to any program or data held in a computer if by causing a computer to perform any function he —

(a)

alters or erases the program or data;

(b)

copies or moves it to any storage medium other than that in which it is held or to a different location in the storage medium in which it is held;

(c)

uses it; or

(d)

causes it to be output from the computer in which it is held (whether by having it displayed or in any other manner),

and references to access to a program or data (and to an intent to secure such access) shall be read accordingly.

(3) For the purposes of subsection (2)(c), a person uses a program if the function he causes the computer to perform —

(a)

causes the program to be executed; or

(b)

is itself a function of the program.

(4) For the purposes of subsection (2)(d), the form in which any program or data is output (and in particular whether or not it represents a form in which, in the case of a program, it is capable of being executed or, in the case of data, it is capable of being processed by a computer) is immaterial.

(5) For the purposes of this Act, access of any kind by any person to any program or data held in a computer is unauthorised or done without authority if —

(a)

he is not himself entitled to control access of the kind in question to the program or data; and

(b)

he does not have consent to access by him of the kind in question to the program or data from any person who is so entitled.

(6) A reference in this Act to any program or data held in a computer includes a reference to any program or data held in any removable storage medium which is for the time being in the computer; and a computer is to be regarded as containing any program or data held in any such medium.

(7) For the purposes of this Act, a modification of the contents of any computer takes place if, by the operation of any function of the computer concerned or any other computer —

(a)

any program or data held in the computer concerned is altered or erased;

(b)

any program or data is added to its contents; or

(c)

any act occurs which impairs the normal operation of any computer,

and any act which contributes towards causing such a modification shall be regarded as causing it.

[S 92/97]

(8) Any modification referred to in subsection (7) is unauthorised if —

(a)

the person whose act causes it is not himself entitled to determine whether the modification should be made; and

(b)

he does not have consent to the modification from any person who is so entitled.

(9) A reference in this Act to a program includes a reference to part of a program.